Q: 13
You are implementing IPSec over FastConnect to connect to a third-party network that is also
connected to OCI via FastConnect. Your company requires a high level of security and isolation
between your network and the third-party’s network. Which of the following is the MOST secure
approach to ensure network isolation when implementing IPSec over FastConnect in this scenario?
Options
Discussion
Probably A here. If you do IPSec directly between your on-prem and the third party's on-prem, it totally avoids OCI and keeps things isolated at the network layer. C adds security features but traffic is still in OCI, so not as isolated. Pretty sure that's what "most secure isolation" means in this context.
Hmm, I'd actually go with C. If you put a virtual firewall in OCI, you can enforce deep inspection and granular policies between both networks, which feels more secure than just locking things down with NSGs. Maybe I'm missing something about isolation but I think C covers both security and visibility pretty well. Agree?
I think C makes more sense here since using a firewall appliance in OCI gives you extra control and inspection of the tunnel traffic, not just basic access control like NSGs. Why not C?